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CLAIMS 

What is claimed is: 

1 . A method for cross domain security information conversion, the method 
comprising: 

receiving from a system entity, in a security service, security information in a 
native format of a first security domain regarding a system entity having an 
identity in at least one security domain; 

translating the security information to a canonical format for security 
information; 

transforming the security information in the canonical format using a 
predefined mapping from the first security domain to a second security 
domain; 

translating the transformed security information in the canonical format to a 
native format of the second security domain; and 

returning to the system entity the security information in the native format of 
the second security domain. 

2. The method of claim 1 wherein transforming the security information includes 
structure transformation and value transformation, including mapping a 
system entity's identity in the first security domain to a another identity in the 
second security domain. 

3. The method of claim 1 wherein receiving security information further 
comprises receiving a request for security information for the second security 
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domain, wherein the request encapsulates the security information in a native 
format of a first security domain. 

5 

4. The method of claim 3 wherein the system entity comprises a system entity 
requesting access to a resource in the second security domain. 

5. The method of claim 3 wherein the system entity comprises a system entity 
providing access to a resource in the second security domain. 

6. The method of claim 1 wherein translating the security information in a native 
format of a first security domain to a canonical format is carried out through a 
procedural software function. 



7. The method of claim 1 wherein the native format of the first security domain 
is expressed in XML, the canonical format is expressed in XML, and 
translating the security information in a native format of a first security 
domain to a canonical format is carried out in dependence upon a mapping, 
5 expressed in XSL, from the native format of the first security domain to a 

canonical format. 



8. The method of claim 1 wherein the canonical format is expressed in XML and 
the predefined mapping from the first security domain to a second security 
domain is expressed in XSL. 

9. The method of claim 1 wherein the second native format is expressed in 
XML, the canonical format is expressed in XML, and translating the 
transformed security information in the canonical format to a native format of 
the second security domain is carried out in dependence upon a predefined 

5 mapping, expressed in XSL, from the canonical format to the native format of 

the second security domain. 
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10. A system for cross domain security information conversion, the system 
comprising: 

means for receiving from a system entity, in a security service, security 
information in a native format of a first security domain regarding a system 
entity having an identity in at least one security domain; 

means for translating the security information to a canonical format for 
security information; 

means for transforming the security information in the canonical format using 
a predefined mapping from the first security domain to a second security 
domain; 

means for translating the transformed security information in the canonical 
format to a native format of the second security domain; and 

means for returning to the system entity the security information in the native 
format of the second security domain. 

1 1 . The system of claim 10 wherein means for transforming the security 
information includes means for structure transformation and value 
transformation, including means for mapping a system entity's identity in the 
first security domain to a another identity in the second security domain. 

12. The system of claim 10 wherein means for receiving security information 
further comprises means for receiving a request for security information for 
the second security domain, wherein the request encapsulates the security 
information in a native format of a first security domain. 
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13. The system of claim 12 wherein the system entity comprises a system entity 
requesting access to a resource in the second security domain. 

14. The system of claim 12 wherein the system entity comprises a system entity 
providing access to a resource in the second security domain. 

15. The system of claim 10 wherein means for translating the security information 
in a native format of a first security domain to a canonical format comprises a 
procedural software function. 

16. The system of claim 10 wherein means for translating the security information 
in a native format of a first security domain to a canonical format comprises a 
mapping, expressed in XSL, from the native format of the first security 
domain to a canonical format. 

5 

17. The system of claim 10 wherein the canonical format is expressed in XML 
and the predefined mapping from the first security domain to a second 
security domain is expressed in XSL. 

18. The system of claim 10 wherein the second native format is expressed in 
XML, the canonical format is expressed in XML, and means for translating 
the transformed security information in the canonical format to a native 
format of the second security domain comprises a predefined mapping, 

5 expressed in XSL, from the canonical format to the native format of the 

second security domain. 



28 



AUS920040010US1 



Patent Application 



19. A computer program product for cross domain security information 
conversion, the computer program product comprising: 

a recording medium; 

means, recorded on the recording medium, for receiving from a computer 
program product entity, in a security service, security information in a native 
format of a first security domain regarding a computer program product entity 
having an identity in at least one security domain; 

means, recorded on the recording medium, for translating the security 
information to a canonical format for security information; 

means, recorded on the recording medium, for transforming the security 
information in the canonical format using a predefined mapping from the first 
security domain to a second security domain; 

means, recorded on the recording medium, for translating the transformed 
security information in the canonical format to a native format of the second 
security domain; and 

means, recorded on the recording medium, for returning to the computer 
program product entity the security information in the native format of the 
second security domain. 

20. The computer program product of claim 1 9 wherein means, recorded on the 
recording medium, for transforming the security information includes means, 
recorded on the recording medium, for structure transformation and value 
transformation, including means, recorded on the recording medium, for 
mapping a system entity's identity in the first security domain to a another 
identity in the second security domain. 
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2 1 . The computer program product of claim 1 9 wherein means, recorded on the 
recording medium, for receiving security information further comprises 
means, recorded on the recording medium, for receiving a request for security 
information for the second security domain, wherein the request encapsulates 
5 the security information in a native format of a first security domain. 



22. The computer program product of claim 2 1 wherein the computer program 

product entity comprises a computer program product entity requesting access 
to a resource in the second security domain. 



23. The computer program product of claim 21 wherein the computer program 

product entity comprises a computer program product entity providing access 
to a resource in the second security domain. 



24. The computer program product of claim 1 9 wherein means, recorded on the 
recording medium, for translating the security information in a native format 
of a first security domain to a canonical format comprises a procedural 
software function. 

5 

25. The computer program product of claim 19 wherein means, recorded on the 
recording medium, for translating the security information in a native format 
of a first security domain to a canonical format comprises a mapping, 
expressed in XSL, from the native format of the first security domain to a 

5 canonical format. 



26. The computer program product of claim 19 wherein the canonical format is 
expressed in XML and the predefined mapping from the first security domain 
to a second security domain is expressed in XSL. 



27. The computer program product of claim 19 wherein means, recorded on the 



30 



AUS920040010US1 



Patent Application 



recording medium, for translating the transformed security information in the 
canonical format to a native format of the second security domain comprises a 
procedural software function. 

28. The computer program product of claim 1 9 wherein the second native format 
is expressed in XML, the canonical format is expressed in XML, and means, 
recorded on the recording medium, for translating the transformed security 
information in the canonical format to a native format of the second security 
domain comprises a predefined mapping, expressed in XSL, from the 
canonical format to the native format of the second security domain. 
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